Skype has disabled the account password reset option on its website following reports that the feature can be abused to hijack Skype accounts if the attackers know the email addresses associated with them.

Instructions on how to exploit the security hole were first reported late Tuesday on a Russian-language forum. The information was later posted on Reddit and some blogs where users confirmed that the account hijacking method worked.

[UPDATE:14/11/2012@15:28GMT]
Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience.

A number of hours after The Next Web revealed a flaw in the way Skype handled password resets, allowing third parties to hijack accounts using just an email address, Skype has said that it has now fixed the issue. The company has confirmed it first mitigated the issue, but has now updated its password reset process so that it doesn’t send tokens to the client.
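The property described in the fix, shown as an added example that is not Skype's code: a reset token travels only to the mailbox on file, is bound to one account even when several accounts share an address, and never appears in the reply to the requester. `ResetService`, `outbox`, `TOKEN_TTL` and the account names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 900  # seconds; assumed lifetime, not a value from the article


class ResetService:
    """Hypothetical reset back end; accounts maps account name -> e-mail on file."""

    def __init__(self, accounts):
        self.accounts = accounts
        self.pending = {}        # account -> (sha256 of token, expiry time)
        self.outbox = []         # (email, account, token): stands in for the mail channel
        self.authorized = set()  # accounts whose password change was approved

    def request_reset(self, email):
        # Several accounts may share one address: one separate token per account.
        for account, addr in self.accounts.items():
            if addr == email:
                token = secrets.token_urlsafe(32)
                digest = hashlib.sha256(token.encode()).hexdigest()
                self.pending[account] = (digest, time.time() + TOKEN_TTL)
                self.outbox.append((addr, account, token))
        # Identical reply for known and unknown addresses; no token, no account names.
        return {"status": "If the address is registered, a reset e-mail was sent."}

    def redeem(self, account, token, now=None):
        now = time.time() if now is None else now
        entry = self.pending.get(account)
        if entry is None:
            return False
        digest, expiry = entry
        if now > expiry:
            del self.pending[account]  # expired tokens are discarded
            return False
        supplied = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(digest, supplied):
            return False               # token belongs to another account or is wrong
        del self.pending[account]      # single use
        self.authorized.add(account)
        return True
```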

Skype has a Chinese version, namely "Tom-Skype", which was reported to be a version hacked by the Chinese government. Tom-Skype is still out there after many years. People communicate between Tom-Skype and Skype without problem.